App Testing (and Retesting): When Are You Secure Enough to Launch?

Enterprises recognize the need for cutting-edge, user-friendly apps, but CA Veracode reports that of 12,000 security professionals surveyed, 69 percent cite application-layer vulnerabilities as the greatest threats to app security. What's more worrisome is that just 10 percent of respondents say that their apps were reviewed for security before, during and after launch. App testing remains the most effective way to prevent problems down the line, so how do you know when your app is ready for prime time?

What's the Big Deal?

Application flaws can lead to security breaches. If hackers are able to compromise your application, it's possible for them to leapfrog onto secure networks and gain admin access permissions. But that's not the only problem: Apps that aren't properly tested aren't ready to go live, and an app that's launched prematurely can end up costing your business millions. Healthcare.gov is a good example. As noted by Focus, pushing the site live before it was ready racked up $121 million in repair costs, and that's on top of the $90 million spent building the site. Aberdeen Group, meanwhile, reports that downtime when a critical application fails can cost the average company $164,000 per hour, all because that app wasn't properly tested. So how do companies effectively evaluate their apps before launch?

Step 1: Get Back to Basics

A sure sign your app isn't ready for launch? Basic features are missing. While it can be tempting to patch certain features into an app after it goes live, the reality is that this rarely happens. As IT developers know, once an app is out the door, another one is queued up for development. Consider the Core App Quality standards created by Android, for example. They include basic expectations for mobile apps in categories such as standard design, navigation and notifications, along with links to appropriate testing protocols. Try to publish an app without following these guidelines and it will be rejected.

If you're developing in-house applications, it's helpful to think the same way: What critical functions must be present before an app has any chance of going live? What specific kind of app testing relates to each feature?

Step 2: Consider User Perception

As Mobtest contends, users are fickle. Twenty-two percent of users abandon apps after the first use, and that number climbs to 66 percent after just 11 uses. For enterprise-app development, this means that just because an application is developed in-house, there's no guarantee employees will use it. Even if it's the "next big thing" and the official word from C-suite executives is that the new app must replace existing third-party solutions, unhappy users will find ways around the rules. This could mean opting for methods that take more time but avoid using the new app, or continuing to use old apps for heavy lifting and only using the in-house version for the final push. Bottom line: If your app testing doesn't include user engagement, you're missing the mark.

Step 3: Plan for Testing (and Testers)

According to TechRepublic, app testing doesn't "just happen." While some testing happens naturally during the build process, and end-users will always discover flaws once an app goes live, this organic kind of testing isn't enough in isolation. To effectively test apps, companies need to design testing plans that cover what gets tested, when, and how metrics are used to build better versions. Next, enterprises need to consider feedback outside the development group. Choose multiple testers with varied technology backgrounds and corporate roles to find out where the app shines — and where it needs to be polished.

Step 4: Retest. Retest. Retest.

This is the part most companies dread — and often avoid by launching early. Don't. Don't skip the retest, first of all, but also don't try to manage this kind of workload using local IT alone. Retesting is largely a question of volume: Can your app handle multiple, simultaneous users all doing the same thing? Different things? Is it vulnerable to a network-wide penetration test? Will it cause unexpected conflicts? The best way to answer these questions is through a combination of static and dynamic application testing. To handle the volume of retests required and verify the results of each one, your best bet is a cloud-based security vendor that can quickly locate hidden flaws and chase down app vulnerabilities.

Want to know if your application is ready to go live? Start with the basics, think of your user base and have a testing plan in place. Next, get down to the nitty-gritty and retest, retest, retest. Then — only then — is it time to launch.
